Hackers Infiltrate Early Warning Network System to Send Spam

Just as ex-tropical Cyclone Penny moved toward the coast of Queensland, Australia, users of Early Warning Network reported receiving strange messages from the emergency system.

Hackers were able to access the Early Warning Network, a large-scale emergency warning system in Australia, and then send alarming spam messages to subscribers.

According to the Early Warning Network (EWN), a hacker accessed its system over the weekend and then sent “nuisance messages” via text, phone call and email to a part of its database on Jan. 5 at around 9:30 p.m. EST.

The EWN said Monday on its website that it appears the hacker used “illicitly gained credentials” to log in to its system.

“The unauthorized alert sent on Saturday night was undertaken by an unauthorized person using illicitly gained credentials to log in and post a nuisance spam-notification to some of our customers,” according to the note on the EWN’s website. “This was sent out via email, text message and landline. EWN staff at the time were able to quickly identify the attack and shut off the system limiting the number of messages sent out.”

The emergency notification system sends varying threat level alerts – including catastrophic and severe threats – sourced from the Bureau of Meteorology to registrants. The incident occurred just as ex-tropical Cyclone Penny moved toward the Queensland coast.

According to multiple people who posted to Twitter, the spam message read: “EWN has been hacked. Your personal data stored with us is not safe. We are trying to fix the security issues. Please email support[@]ewn.com.au if you wish to unsubscribe.”

The EWN said that the links used in the spam alert were non-harmful and that subscribers’ personal information was not compromised during the incident.

While it did not specify the number of subscribers who received the notice, the EWN said that a “small proportion” of its database received the alert. An ABC report meanwhile said that “thousands” had received the alert.

EWN said Monday that its systems are back up and running, and that it is continuing to investigate the incident with police involvement.

It’s not the first time some type of public emergency alert siren, designed to caution citizens of crises, has been compromised by attackers who take control of the system to broadcast false alarms – or shut it down completely.

In April 2018, researchers found that public emergency alert sirens in San Francisco could be compromised by attackers who can take control of the system to broadcast false alarms.

Tom Kellermann, chief cybersecurity officer at Carbon Black, told Threatpost in an interview that early warning networks are becoming a “soft target.”

“Security leadership typically focuses on the resiliency of these systems,” he told us. “This can be a double-edged sword. The business continuity and resiliency priorities of these systems inherently increases the attack surface. As they have added redundancy, backup network operations centers and remote access – coupled with the introduction of applications – introduce a myriad of vectors by which attackers can conduct a cyber-intrusion.”

EWN did not respond to Threatpost for further statement before publication.

Authors

Threatpost
